Date: Fri, 13 Aug 2004 13:36:49 +0200 From: gerarra@tin.it To: freebsd-hackers@freebsd.org Subject: Re: Where is strnlen() ? Message-ID: <4119722900001FCE@ims3a.cp.tin.it> In-Reply-To: <20040813111849.047fae64.thib@mi.is>
next in thread | previous in thread | raw e-mail | index | archive | help
>I agree but what I was thinking at the time if I'm reciving user input to >a >program wich uses strlen I might be vonerable to buffer overflow attacks= >(But >that has been cleard up) and ofcourse in most cases you know the length of >a >string you are using (exept when you are dealing with user input, wich was >the >case in my porting effort.) And since I'm a pedant I think that interduc= ing >new >non-standard functions is not an option so I think I will have to >"turn-my-brain-on" as I mentioned in a previous post. > >Anyways thanks for the replays. I completely agree. Solutions like that (non standard wrappers, run time checking, etc. etc.) ading overhead and could give a false sense of 'secu= rity'; security is a state of mind, if you don't care about your code you can't reach really security. my 2 cents rookie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4119722900001FCE>